What is COPPA Compliance and How to comply with COPPA

This article gives you a complete overview on What is COPPA Compliance? and the Guidelines of COPPA requirements. The Children's Online Privacy Protection Act (COPPA) is an act passed by the U.S. Congress in 1998 in light of online marketing that allowed businesses to collect information from anyone regardless of their age. This meant that children could give personally-identifying information without knowledge that could be used by the organizations without parent's consent. This meant that children were left exposed which then forced Congress to come up with COPPA to protect children under the age of 13 years from exploitation by businesses.

Here is a Brief on What is COPPA Compliance. The COPPA act outlines what kind of information can be collected from children under the age of 13 years. It requires that parental consent be given before any data is collected from children and that the parent has access to such data and the right to delete it. Furthermore, it outlines what kind of practice puts a business under COPPA compliance and what to do in order to comply with the act.

What is COPPA Compliance

COPPA's reach goes beyond the United States and affects all businesses and institutions globally that at any point may interact with users under the age of 13 years living in the U.S. This, therefore, means that every business and institution's website whose users may be under 13 years must comply with the COPPA act.

What is COPPA Compliance and Who does it affect?

COPPA was primarily targeted at businesses that did online marketing to internet users under the age of 13. This allowed them to exploit children's information without their knowledge and advertise to them. The scope, however, has been expanded to include any website or online service that collects personal information of users under the age of 13, any general site or online service that has actual knowledge that some of its users are under 13 years old, or any third-party site that collects information on behalf of another site and has actual knowledge that some of that other site's users are children under 13 years old. Essentially, any business website or online service that is associated with children under 13 years.

Under COPPA, any personal information is required to be safeguarded for privacy and requires parental consent before being collected. Such data include full name, sex, age, home address, telephone number, social security number, cookies that track a user's history, the child's image or voice, location, and any data that the parent may deem unfit to share. This, therefore, means that game apps, social network apps, plugins, internet-connected toys, VoIP services, and any such sites must comply with COPPA.


Any online assets directed at children must also comply with COPPA whether they do or do not have actual knowledge that users under the age of 13 have access to the site. A site can be directed towards children if:

  • It has animated characters or child-oriented visuals.
  • Whether it uses music designed to appeal to children under the age of 13 years.
  • Speech patterns and language geared towards children.
  • Advertising directed at children.
  • Its audience and user-base composition.

For example, the above two apps appear to be directed towards children due to their use of animated characters. With this you know what is COPPA Compliance is and how to comply with the COPPA guidelines.

How to comply with COPPA

If your online business, site, or online service falls under COPPA compliance, then you have to ensure that you comply to avoid interruption of business as well as lawsuits. Here are some of the things you need to ensure in order to remain compliant.

A prominent Privacy Policy

Your site must display a privacy policy visibly noticeable on each page that personal information is being collected. The policy should be bold and use a language easy to understand for children under the age of 13. It should not have any advertising material on it or misleading information. It should outline the type of data collected, how the site collects such data, how it handles it, including any third parties that might have access to such information.


Parental notification

You're required to notify the parent of the child using your service before any information is collected. The notice has to outline how you got their contact, the information you need to collect, how the information will be used, request for their consent, what happens if they don’t consent, and a link to your site's privacy policy.

Parental consent

You must obtain verifiable parental consent by ensuring the person giving the consent is the actual parent. This can be done by providing a consent form via mail, fax, or scanning. You can require them to use a debit/credit card or a telephone call, verifying the parent's information from the government database and later deleting it after confirmation.

What happens if you don’t comply with COPPA

Lack of compliance amounts to unfair or deceptive trade practice and can lead to massive fines. To help keep children's data safe from cybersecurity loopholes and scavengers, we recommend using NuEduSec internet security for schools and businesses dealing with students. It's a cloud-based platform providing protection to students at school, in the classroom or at home while also providing a trouble-free Internet experience in your school network. It also covers CIPA compliance, tracks students’ activities online and raises a flag if a student visits malicious sites, allowing proactive shared roles and responsibilities, device tracking and management as well as secure web filtering and enhanced visibility.